9531614

Network Aware Distributed Business Transaction Anomaly Detection

Published: December 27, 2016
Assignee: not available in USPTO data we have

Patent Claims
23 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for monitoring a distributed business transaction over a plurality of machines and at least one network, comprising: monitoring, by a plurality of application agents, one or more applications that process requests and perform functions that make up the distributed business transaction to generate application data; monitoring, by a plurality of network agents, network sockets that are used to process communications between the plurality of machines as part of the distributed business transaction to generate network flow data; detecting, by one of the application agents, an application anomaly with the one or more monitored applications; based on the detecting of the application anomaly, querying the plurality of network agents to determine whether one of the network agents has detected a network flow anomaly associated with the monitored network sockets, wherein the querying the plurality of network agents include providing to the network agents, parameters that specify which of the monitored network sockets to analyze to identify the network flow anomaly; associating the detected network flow anomaly with the distributed business transaction; correlating the detected application anomaly and the detected network flow anomaly to identify the application anomaly as being affected by the network flow anomaly; and providing a snapshot displaying the correlated application anomaly and network flow anomaly associated with the distributed business transaction to indicate a relationship between the application anomaly and the network flow anomaly in the distributed business transaction.

2. The method of claim 1, wherein the application anomaly is detected based on an application performance baseline.

3. The method of claim 1, wherein the network flow anomaly is detected based on a network flow baseline.

4. The method of claim 1, wherein associating the detected network flow anomaly with the distributed business transaction includes adding business transaction context information to the detected network flow anomaly portion of the network flow data.

5. The method of claim 1, wherein monitoring the one or more applications include collecting metrics associated with performance of the one or more applications on the plurality of machines that process the distributed business transaction.

6. The method of claim 1, wherein monitoring the network flow includes capturing packets of a given network flow associated with the distributed business transaction.

7. The method of claim 1, wherein monitoring the network flow includes collecting metrics associated with performance of a given network flow between the plurality of machines that process the distributed business transaction.

8. The method of claim 1, wherein correlating the detected application anomaly and the detected network flow anomaly includes grouping the application data and the network flow data by matching the address locations in the application data and the network flow data.

9. The method of claim 1, including providing a call graph that displays the correlated application anomaly and network flow anomaly associated with the distributed business transaction.

10. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to cause operations for monitoring a business transaction, including: monitoring, by a plurality of application agents, one or more applications that process requests and perform functions that make up the distributed business transaction to generate application data; monitoring, by a plurality of network agents, network sockets that are used to process communications between the plurality of machines as part of the distributed business transaction to generate network flow data; detecting, by one of the application agents, an application anomaly with the one or more monitored applications; based on the detecting of the application anomaly, querying the plurality of network agents to determine whether one of the network agents has detected a network flow anomaly associated with the monitored network sockets, wherein the querying the plurality of network agents include providing to the network agents, parameters that specify which of the monitored network sockets to analyze to identify the network flow anomaly; associating the detected network flow anomaly with the distributed business transaction; correlating the detected application anomaly and the detected network flow anomaly to identify the application anomaly as being affected by the network flow anomaly; and providing a snapshot displaying the correlated application anomaly and network flow anomaly associated with the distributed business transaction to indicate a relationship between the application anomaly and the network flow anomaly in the distributed business transaction.

11. The non-transitory computer readable storage medium of claim 10, wherein the program is executable by a processor to cause operations including detecting the application anomaly based on an application performance baseline.

12. The non-transitory computer readable storage medium of claim 10, wherein the program is executable by a processor to cause operations including detecting the network flow anomaly based on a network flow baseline.

13. The non-transitory computer readable storage medium of claim 10, wherein the program is executable by a processor to cause operations including associating the detected network flow anomaly with the distributed business transaction including adding business transaction context information to the detected network flow anomaly portion of the network flow data.

14. The non-transitory computer readable storage medium of claim 10, wherein the program is executable by a processor to cause operations including correlating the detected application anomaly and the detected network flow anomaly including grouping the application data and the network flow data by matching the address locations in the application data and the network flow data.

15. The non-transitory computer readable storage medium of claim 10, wherein the program is executable by a processor to cause operations including providing a call graph that displays the correlated application anomaly and network flow anomaly associated with the distributed business transaction.

16. A system for monitoring a business transaction performed by multiple computers, comprising: a server including a memory and a processor; and one or more modules stored in the memory and executable by the processor to perform operations including: monitoring, by a plurality of application agents, one or more applications that process requests and perform functions that make up the distributed business transaction to generate application data; monitoring, by a plurality of network agents, network sockets that are used to process communications between the plurality of machines as part of the distributed business transaction to generate network flow data; detecting, by one of the application agents, an application anomaly with the one or more monitored applications; based on the detecting of the application anomaly, querying the plurality of network agents to determine whether one of the network agents has detected a network flow anomaly associated with the monitored network sockets, wherein the querying the plurality of network agents include providing to the network agents, parameters that specify which of the monitored network sockets to analyze to identify the network flow anomaly; associating the detected network flow anomaly with the distributed business transaction; correlating the detected application anomaly and the detected network flow anomaly to identify the application anomaly as being affected by the network flow anomaly; and providing a snapshot displaying the correlated application anomaly and network flow anomaly associated with the distributed business transaction to indicate a relationship between the application anomaly and the network flow anomaly in the distributed business transaction.

17. The system of claim 16, wherein the one or more modules stored in the memory is executable by the processor to perform operations including detecting the application anomaly based on an application performance baseline.

18. The system of claim 16, wherein the one or more modules stored in the memory is executable by the processor to perform operations including detecting the network flow anomaly based on a network flow baseline.

19. The system of claim 16, wherein the one or more modules stored in the memory is executable by the processor to perform operations including associating the detected network flow anomaly with the distributed business transaction including adding business transaction context information to the detected network flow anomaly portion of the network flow data.

20. The system of claim 16, wherein the business transaction context information includes a business transaction identifier, tier identification for tiers involved in a given network flow, node identification information for nodes involved in the given network flow, or an identification of a portion of the distributed business transaction being executed over the given network flow.

21. The system of claim 16, wherein the one or more modules stored in the memory is executable by the processor to perform operations including monitoring the network flow including collecting metrics associated with performance of a given network flow between the plurality of machines that process the distributed business transaction.

22. The system of claim 16, wherein the one or more modules stored in the memory is executable by the processor to perform operations including correlating the detected application anomaly and the detected network flow anomaly including grouping the application data and the network flow data by matching the address locations in the application data and the network flow data.

23. The system of claim 16, wherein the one or more modules stored in the memory is executable by the processor to perform operations including providing a call graph that displays the correlated application anomaly and network flow anomaly associated with the distributed business transaction.

Patent Metadata

Filing Date: Unknown

Publication Date: December 27, 2016

Inventors: Harish Nataraj, Ajay Chandel, Prakash Kaligotla, Naveen Kondapalli

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Network Aware Distributed Business Transaction Anomaly Detection” (9531614). https://patentable.app/patents/9531614